Data from a recent survey suggests security solution providers could find new business opportunities by pursuing partnerships with GRC vendors to provide much-needed security expertise for GRC projects.
Lexington, Mass.-based market analysis firm Hypatia Research LLC recently surveyed more than 440 companies about their GRC requirements and investment plans. Hypatia’s research found the market for governance, risk and compliance is split between vendors that provide enterprise GRC services (eGRC) such as risk management and workflow tracking services, and vendors that provide technology-based GRC products (IT GRC) such as security tools to monitor access and communications for compliance.
© 2011 Hypatia Research, LLC
“The split between eGRC and IT-GRC is giving customers an incomplete
Opportunities for security solution providers
Hypatia’s survey found customers plan to invest most heavily in eGRC functions, placing a lower priority on IT GRC software and services. “I was surprised how many people were looking at GRC and not including basic concepts of security,” said Howard Baldwin of Hypatia Research LLC.
Baldwin believes the research reveals an opportunity for solution providers who can bring security expertise to GRC projects. But he cautions solution providers to understand both eGRC and IT GRC before approaching the customer.
“They should not just go in with security,” Baldwin said. “Instead, they should approach the customer by saying, ‘Let me tell you my plan for the security portion of your GRC problem.’”
Baldwin encourages solution providers to partner with a GRC vendor, even if that vendor has its own professional services staff. “Security is the blind spot for many of the GRC vendors we researched,” Baldwin said. He noted that relationships between the GRC vendor and the customer tend to be fluid, allowing the possibility of an independent consultant joining the project team.
Survey details
The respondents in Hypatia’s survey had direct accountability for the selection and use of eGRC and IT GRC software and services. Most respondents came from large or mid-size companies in North America, EMEA and Asia Pacific.
Hypatia surveyed respondents from a variety of industries, including retail, insurance, manufacturing, telco, financial services, not-for-profit and healthcare. According to Baldwin, the survey revealed GRC priorities are consistent across all these industries, indicating security solution providers may find opportunities to support GRC projects no matter what industry their customers are in.
“GRC had its roots in highly regulated industries, such as medical and financial verticals,” Baldwin said. “But all companies need to be compliant in some manner today. GRC is turning out to be highly horizontal.”